Going by their Mastodon account, seems they were erroneously detected as "from a US-sanctioned region" and it took too long for said error to be resolved, so they just made the switch.

I've honestly never wrestled with Secure Boot in this way; I usually disable it if it won't let me boot my preferred kernel. From my brief online searches, enrolling your own keys is possible, but that depends on the kernel modules being signed in the first place, and carries risk of bricking devices if not done correctly. So you might just want to disable Secure Boot, or otherwise stick to kernels provided by your distribution.

I honestly have only passing knowledge of it, but my understanding is that Open Build Service is more for sharing software whose source code you are allowed to distribute. If you aren't looking to distribute at all, the solutions other users suggested might be better.

There's also a way to create an APT repository entirely on your own system, without a web server, which I haven't tried myself, but a DuckDuckGo search found this: https://help.ubuntu.com/community/Repositories/Personal

Looking online, there are some suggestions to either (re)install xapp:

sudo apt install --reinstall xapp

or a related library:

sudo apt install --reinstall gir1.2-xapp-1.0

However, usually I find that errors like this mean nothing, so I wouldn't be surprised if these steps change nothing.

The idea is probably to make it easier to get a useful configuration out of Debian. SpiralLinux does the same thing.